Communication system

ABSTRACT

A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.

CROSS-REFERENCE TO RELATED PATENT APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/852,135, filed Apr. 17, 2020, which is a continuation of U.S. patentapplication Ser. No. 16/267,091, filed Feb. 4, 2019, now U.S. Pat. No.10,716,035, which is a continuation of U.S. patent application Ser. No.15/851,597, filed Dec. 21, 2017, now U.S. Pat. No. 10,237,787, which isa continuation of U.S. patent application Ser. No. 15/349,626, filedNov. 11, 2016, now U.S. Pat. No. 9,913,177, which is a continuation ofU.S. patent application Ser. No. 14/761,363, filed Jul. 16, 2015, nowU.S. Pat. No. 9,526,002, which is a National Stage Entry ofInternational Application No. PCT/JP2013/083535, filed Dec. 10, 2013,which claims priority from United Kingdom Patent Application No. GB1300884.2, filed Jan. 17, 2013. The entire contents of theabove-referenced applications are expressly incorporated herein byreference.

TECHNICAL FIELD

The present invention relates to mobile communication devices andnetworks, particularly but not exclusively those operating according tothe 3^(rd) Generation Partnership Project (3GPP) standards orequivalents or derivatives thereof. The invention has particularalthough not exclusive relevance to further development of the so calledthe Long Term Evolution (LTE)/advanced LTE (LTE-Advanced (LTE-A)) ofUTRAN (called Evolved Universal Terrestrial Radio Access Network(E-UTRAN)).

BACKGROUND ART

It has been decided, as part of the 3GPP standardisation process, thatdownlink operation for system bandwidths beyond 20 MHz will be based onthe aggregation of a plurality of component carriers at differentfrequencies. Such carrier aggregation can be used to support operationin a system both with and without a contiguous spectrum (for example, anon-contiguous system may comprise component carriers at 800 MHz, 2 GHz,and 3.5 GHz). Whilst a legacy mobile device may only be able tocommunicate using a single, backward compatible, component carrier, amore advanced multi-carrier capable terminal would be able tosimultaneously use the multiple component carriers.

As mobile (cellular) communication technology has developed there havebeen proposals to provide enhanced communication in relatively smallgeographic regions by having small cells (e.g. ‘pico’ or ‘femto’ cells)that coexist with a larger (‘macro’) cell and provide enhancedcommunication capabilities in the localised geographic region that thesmall cell covers. These small cells can be provided on the same carrieras the macro cell or can be provided on a different (e.g. higherfrequency) dedicated carrier.

More recently, it has been proposed to allow user data for a particularuser device such as a mobile telephone or other mobile communicationdevice (also referred to as ‘user equipment’ or a ‘UE’) to becommunicated via a different cell to the cell via which control data forthat user device is communicated. Specifically, it has been proposed toallow the user plane (U-plane) and control plane (C-plane) for aparticular user device to be split between the small cell and the macrocell such that U-plane data is communicated via the small cell andC-plane data is communicated via the macro cell.

The small cell of this proposal is, effectively a ‘pseudo’ cell or‘phantom’ cell because it does not provide conventional cell-specificsignals and/or channels such as carrier reference signals, masterinformation/system information broadcasts, primary/secondarysynchronisation signals, etc.

In theory, the C-plane/U-plane split of this proposal provides anoptimisation of: the benefits of the better connectivity typicallyoffered by a macro cell for critical control signalling; and thebenefits of higher throughput and more flexible, energy efficient, andcost effective communication offered by a small cell using a higherand/or wider frequency band for higher volume user data.

However, the C-plane/U-plane split proposal presents a number ofchallenges that need to be addressed if such a proposal is to beimplemented practically in the global communication network.

One such challenge is the provision of appropriate communicationsecurity where different base stations are responsible for U-planesignalling and C-plane signalling respectively whilst ensuring that theuser device is able to encipher/decipher user data and control datacorrectly. This has the potential to add significant unwanted complexityto signalling between the core network, the base station, and the userdevice.

Moreover, in order to ensure appropriate security it is beneficial to beable to, from time to time, regenerate the security keys used forencryption and integrity protection (‘re-keying’ or ‘key-refresh’). Suchdynamic key changing can be the result of explicit re-keying or implicitkey-refresh procedures. To ensure that the security parameters used forciphering and integrity protection remain unique, for example, keyrefresh is typically required when the Packet Data Convergence Protocol(PDCP) counter (‘PDCP COUNT’), which is used as a ciphering input,reaches its limit and ‘wraps around’ or ‘rolls over’ back to itsstarting value. Re-keying/key-refresh avoids the risk that previouslyused PDCP COUNT values are re-used, in combination with the samesecurity key, as inputs for ciphering thereby avoiding the cyclic re-useof earlier security parameters.

However, currently, such dynamic key refreshing is not possible when theU-plane and C-plane are split because the PDCP count is maintained inthe U-plane whilst the control signalling required for re-keying occursin the C-plane.

SUMMARY OF INVENTION

The invention therefore aims to provide a mobile communication system, amobile communication device, a communication node and associated methodswhich overcomes or at least mitigates the above issues.

According to one aspect of the invention there is provided a mobilecommunication device for communicating user plane data via firstcommunication apparatus, of a communication network, that operates afirst communication cell, and for receiving control plane signallingrelated to user plane communication from second communication apparatus,of the communication network, that operates a second communication cell,said mobile communication device comprising: means for receivingsecurity information; means for obtaining, from said securityinformation, at least one user plane security parameter for providinguser plane security for said user plane communication via said firstcommunication apparatus and at least one control plane securityparameter for providing control plane security for control planecommunication via said second communication apparatus; and means forapplying said at least one user plane security parameter in said userplane communication via said first communication apparatus and forapplying said at least one control plane security parameter in saidcontrol plane communication via said second communication apparatus.

Optionally, said mobile communication device may be operable to receivean indicator that user plane and control plane may be provided bydifferent respective communication apparatus.

Optionally, said mobile communication device may be operable to receivesaid indicator that said user plane and said control plane may beprovided by different respective communication apparatus from saidsecond communication apparatus.

Optionally, said mobile communication device may be operable to receivesaid indicator that said user plane and said control plane may beprovided by different respective communication apparatus from acommunication entity of said communication network (e.g. a core networkentity, e.g. a mobility management entity ‘MME’).

Optionally, said at least one user plane security parameter may comprisea security key ‘K_(UPenc)’ for ciphering and/or deciphering user planecommunication.

Optionally, said obtaining means may be operable to obtain said securitykey ‘K_(UPenc)’ for ciphering and/or deciphering user planecommunication from by deriving it using a further security key (e.g.‘K_(eNB)’ or ‘K_(eNB)*’) obtained from said security information.

Optionally, said obtaining means may be operable to obtain said securitykey ‘K_(UPenc)’ for ciphering and/or deciphering without derivationrequiring a further security key.

Optionally, said at least one user plane security parameter may comprisea security key ‘K_(UPint)’ for integrity protection of user planecommunication.

Optionally, said at least one control plane security parameter maycomprise a security key ‘K_(RRCenc)’ for ciphering and/or decipheringcontrol plane communication.

Optionally, said at least one control plane security parameter maycomprise a security key ‘K_(RRCint)’ for integrity protection of controlplane communication.

According to a further aspect of the invention there is provided acommunication apparatus for operating a communication cell via which amobile communication device that can engage in user plane communication,in a communication network in which further communication apparatusoperates a further cell and provides control plane signalling related tosaid user plane communication, the communication apparatus comprising:means for operating said communication cell via which said mobilecommunication device can engage in user plane communication; means forreceiving security information; means for obtaining, from said securityinformation, at least one user plane security parameter for providinguser plane security for said user plane communication; and means forapplying said user plane security parameter to user plane communicationvia said first communication apparatus.

Optionally, said means for receiving said security information may beoperable to receive said security information from said furthercommunication apparatus.

Optionally, said means for receiving said security information may beoperable to receive said security information over an X2 interface.

Optionally, said means for receiving said security information may beoperable to receive said security information from a communicationentity of said communication network (e.g. a core network entity, e.g. amobility management entity ‘MME’).

Optionally, said means for receiving said security information may beoperable to receive said security information over an S1 interface.

Optionally, said means for operating said communication cell may beconfigured to operate a cell that is small relative to the further celloperated by the further communication apparatus.

Optionally, said at least one user plane security parameter may comprisea security key ‘K_(UPenc)’ for ciphering and/or deciphering user planecommunication.

Optionally, said obtaining means may be operable to obtain said securitykey ‘K_(UPenc)’ for ciphering and/or deciphering user planecommunication directly from said security information.

Optionally, said obtaining means may be operable to obtain said securitykey ‘K_(UPenc)’ by deriving it using a further security key (e.g.‘K_(eNB)’ or ‘K_(eNB)*’) obtained from said security information.

Optionally, the communication apparatus may further comprise means fortransmitting an indicator to said further communication apparatus thatsaid user plane security parameter for providing user plane securityrequires changing (e.g. in a re-keying or key refreshing procedure).

Optionally, said communication apparatus may comprise a base station.

Optionally, said base station may comprise an Evolved UniversalTerrestrial Radio Access Network (E-UTRAN) base station.

According to a yet further aspect of the invention there is provided acommunication apparatus for operating a communication cell via whichcontrol plane signalling is provided to a mobile communication device,in a communication network in which further communication apparatusoperates a further cell via which said mobile communication device canengage in user plane communication to which said control planesignalling relates, the communication apparatus comprising: means foroperating said communication cell via which said control planesignalling is provided to a mobile communication device; means forreceiving security information from a communication entity of saidcommunication network; means for obtaining, from said securityinformation, at least one control plane security parameter for providingcontrol plane security for said control plane signalling provided tosaid mobile communication device, and at least one further securityparameter; means for providing security information comprising saidfurther security parameter to said further communication apparatus; andmeans for applying said at least one control plane security parameterwhen providing said control plane signalling to said mobilecommunication device.

Optionally, said communication apparatus may be operable to transmit, tosaid mobile communication device, an indicator that user plane andcontrol plane are provided by different respective communicationapparatus.

Optionally, the communication apparatus may further comprise means forreceiving an indicator from said further communication apparatus that auser plane security parameter for providing user plane security requireschanging (e.g. in a re-keying or key refreshing procedure).

Optionally, the communication apparatus may further comprise means forinitiating, in response to receiving said indicator that said user planesecurity parameter for providing user plane security requires changing,intra-cell handover whereby to provide a change in said user planesecurity parameter for providing user plane security.

Optionally, said communication apparatus comprises a base station.

Optionally, said base station comprises an Evolved Universal TerrestrialRadio Access Network (E-UTRAN) base station.

According to a yet further aspect of the invention there is provided acommunication entity for a communication network in which a mobilecommunication device engages in user plane communication via firstcommunication apparatus that operates a first communication cell, and inwhich the mobile communication device receives control plane signallingrelated to said user plane communication from second communicationapparatus that operates a second communication cell, said communicationentity comprising: means for receiving security information from afurther communication entity of said communication network; means forobtaining, from said security information, at least one root securityparameter which can be used in the derivation of: at least one userplane security parameter for providing user plane security for said userplane communication via said first communication apparatus; and at leastone control plane security parameter for providing control planesecurity for control plane communication via said second communicationapparatus; and means for providing security information comprising saidroot security parameter to said first communication apparatus in a firstmessage and to said second communication apparatus in a second message.

Optionally, the communication entity may comprise a core network entity.

Optionally, the communication entity may comprise a mobility managemententity (MME).

Optionally, said providing means may be operable to provide said firstand said second messages over an S1 interface.

Optionally, said providing means may be operable to provide said firstand said second messages using an S1 application protocol ‘S1-AP’.

According to a yet further aspect of the invention there is provided acommunication apparatus for operating a communication cell via whichcontrol plane signalling is provided to a mobile communication device,in a communication network in which further communication apparatusoperates a further cell via which said mobile communication device canengage in user plane communication to which said control planesignalling relates, the communication apparatus comprising: means foroperating said communication cell via which said control planesignalling is provided to a mobile communication device; means forreceiving security information from a communication entity of saidcommunication network; means for obtaining, from said securityinformation, at least one control plane security parameter for providingcontrol plane security for said control plane signalling provided tosaid mobile communication device; means for transmitting, to said mobilecommunication device, an indicator that user plane and control plane areprovided by different respective communication apparatus; and means forapplying said at least one control plane security parameter whenproviding said control plane signalling to said mobile communicationdevice.

Optionally, said obtaining means may be operable to obtain, from saidsecurity information, at least one further security parameter, and mayfurther comprise means for providing security information comprisingsaid further security parameter to said further communication apparatus.

According to a yet further aspect of the invention there is provided amobile communication device for communicating user plane data via firstcommunication apparatus, of a communication network, that operates afirst communication cell, and for receiving control plane signallingrelated to user plane communication from second communication apparatus,of the communication network, that operates a second communication cell,said mobile communication device comprising: means for obtaining a firstset of security parameters for said user plane communication, from afirst authenticated key agreement (AKA) procedure in respect of saidfirst communication apparatus, and for generating an associated firstsecurity context; means for obtaining a second set of securityparameters for control plane communication, from a second authenticatedkey agreement (AKA) procedure in respect of said second communicationapparatus, and for generating an associated second security context; andmeans for maintaining said first security context and said secondsecurity context.

According to a yet further aspect of the invention there is provided acommunication entity for a communication network in which a mobilecommunication device is able to engage in user plane communication viafirst communication apparatus that operates a first communication cell,and in which the mobile communication device is able to receive controlplane signalling related to said user plane communication from secondcommunication apparatus that operates a second communication cell, saidcommunication entity comprising: means for performing a firstauthenticated key agreement (AKA) procedure, in respect of said firstcommunication apparatus, for user plane communication and for generatingan associated first security context; means for performing a secondauthenticated key agreement (AKA) procedure, in respect of said secondcommunication apparatus, for control plane communication and forgenerating an associated second security context; and means formaintaining said first security context and said second securitycontext.

According to a yet further aspect of the invention there is provided amethod performed by a mobile communication device that is able tocommunicate user plane data via first communication apparatus, of acommunication network, that operates a first communication cell, and isable to receive control plane signalling related to user planecommunication from second communication apparatus, of the communicationnetwork, that operates a second communication cell, said methodcomprising: receiving security information; obtaining, from saidsecurity information, at least one user plane security parameter forproviding user plane security for said user plane communication via saidfirst communication apparatus and at least one control plane securityparameter for providing control plane security for control planecommunication via said second communication apparatus; and applying saidat least one user plane security parameter in said user planecommunication via said first communication apparatus and applying saidat least one control plane security parameter in said control planecommunication via said second communication apparatus.

According to a yet further aspect of the invention there is provided amethod performed by communication apparatus when operating a cell viawhich a mobile communication device can engage in user planecommunication, in a communication network in which further communicationapparatus operates a further cell and provides control plane signallingrelated to said user plane communication, the method comprising:receiving security information; obtaining, from said securityinformation, at least one user plane security parameter for providinguser plane security for said user plane communication; and applying saiduser plane security parameter to said user plane communication via saidfirst communication apparatus.

According to a yet further aspect of the invention there is provided amethod performed by communication apparatus when operating a cell viawhich control plane signalling is provided to a mobile communicationdevice, in a communication network in which further communicationapparatus operates a further cell via which said mobile communicationdevice can engage in user plane communication to which said controlplane signalling relates, the method comprising: receiving securityinformation from a communication entity of said communication network;obtaining, from said security information, at least one control planesecurity parameter for providing control plane security for said controlplane signalling provided to said mobile communication device, and atleast one further security parameter; providing security informationcomprising said further security parameter to said further communicationapparatus; and applying said at least one control plane securityparameter when providing said control plane signalling to said mobilecommunication device.

According to a yet further aspect of the invention there is provided amethod performed by a communication entity in a communication network inwhich a mobile communication device engages in user plane communicationvia first communication apparatus that operates a first communicationcell, and in which the mobile communication device receives controlplane signalling related to said user plane communication from secondcommunication apparatus that operates a second communication cell, saidmethod comprising: receiving security information from a furthercommunication entity of said communication network; obtaining, from saidsecurity information, at least one root security parameter which can beused in the derivation of: at least one user plane security parameterfor providing user plane security for said user plane communication viasaid first communication apparatus; and at least one control planesecurity parameter for providing control plane security for controlplane communication via said second communication apparatus; andproviding security information comprising said root security parameterto said first communication apparatus in a first message and to saidsecond communication apparatus in a second message.

According to a yet further aspect of the invention there is provided amethod performed by communication apparatus when operating acommunication cell via which control plane signalling is provided to amobile communication device, in a communication network in which furthercommunication apparatus operates a further cell via which said mobilecommunication device can engage in user plane communication to whichsaid control plane signalling relates, the method comprising: operatingsaid communication cell via which said control plane signalling isprovided to a mobile communication device; receiving securityinformation from a communication entity of said communication network;obtaining, from said security information, at least one control planesecurity parameter for providing control plane security for said controlplane signalling provided to said mobile communication device;transmitting, to said mobile communication device, an indicator thatuser plane and control plane are provided by different respectivecommunication apparatus; and applying said at least one control planesecurity parameter when providing said control plane signalling to saidmobile communication device.

According to a yet further aspect of the invention there is provided amethod performed by a mobile communication device that is able tocommunicate user plane data via first communication apparatus, of acommunication network, that operates a first communication cell, andthat is able to receive control plane signalling related to user planecommunication from second communication apparatus, of the communicationnetwork, that operates a second communication cell, said methodcomprising: obtaining a first set of security parameters for said userplane communication, from a first authenticated key agreement (AKA)procedure in respect of said first communication apparatus, andgenerating an associated first security context; obtaining a second setof security parameters for control plane communication, from a secondauthenticated key agreement (AKA) procedure in respect of said secondcommunication apparatus, and generating an associated second securitycontext; and maintaining said first security context and said secondsecurity context.

According to a yet further aspect of the invention there is provided amethod performed by a communication entity in a communication network inwhich a mobile communication device is able to engage in user planecommunication via first communication apparatus that operates a firstcommunication cell, and in which the mobile communication device is ableto receive control plane signalling related to said user planecommunication from second communication apparatus that operates a secondcommunication cell, said method comprising: performing a firstauthenticated key agreement (AKA) procedure, in respect of said firstcommunication apparatus, for said user plane communication and forgenerating an associated first security context; performing a secondauthenticated key agreement (AKA) procedure, in respect of said secondcommunication apparatus, for control plane communication and forgenerating an associated second security context; and maintaining saidfirst security context and said second security context.

According to a yet further aspect of the invention there is provided acommunication system comprising a mobile communication device accordingto a previous aspect, first communication apparatus according to aprevious aspect, and second communication apparatus according to aprevious aspect, wherein said mobile communication device is configuredfor communicating user plane data via the first communication apparatusand for receiving control plane signalling related to said user planecommunication from the second communication apparatus.

According to a yet further aspect of the invention there is provided acommunication system comprising a mobile communication device accordingto a previous aspect, first communication apparatus according to aprevious aspect, second communication apparatus, and a communicationentity according to a previous aspect, wherein said mobile communicationdevice is configured for communicating user plane data via the firstcommunication apparatus and for receiving control plane signallingrelated to said user plane communication from the second communicationapparatus.

Aspects of the invention extend to computer program products such ascomputer readable storage media having instructions stored thereon whichare operable to program a programmable processor to carry out a methodas described in the aspects and possibilities set out above or recitedin the claims and/or to program a suitably adapted computer to providethe apparatus recited in any of the claims.

Each feature disclosed in this specification (which term includes theclaims) and/or shown in the drawings may be incorporated in theinvention independently of (or in combination with) any other disclosedand/or illustrated features. In particular but without limitation thefeatures of any of the claims dependent from a particular independentclaim may be introduced into that independent claim in any combinationor individually.

BRIEF DESCRIPTION OF DRAWINGS

Embodiments of the invention will now be described by way of exampleonly with reference to the attached figures in which:

FIG. 1 schematically illustrates a telecommunication system;

FIG. 2 illustrates a encryption/integrity key hierarchy used in thetelecommunication system of FIG. 1;

FIG. 3 illustrates a key derivation scheme used by a base station in thetelecommunication system of FIG. 1;

FIG. 4 illustrates a key derivation scheme used by a mobilecommunication device in the telecommunication system of FIG. 1;

FIG. 5 shows a simplified block diagram of a mobile communication devicefor the telecommunication system of FIG. 1;

FIG. 6 shows a simplified block diagram of a ‘macro’ base station forthe telecommunication system of FIG. 1;

FIG. 7 shows a simplified block diagram of a ‘pico’ base station for thetelecommunication system of FIG. 1;

FIG. 8 shows a simplified block diagram of a mobility management entityfor the telecommunication system of FIG. 1;

FIG. 9 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a firstsecurity procedure;

FIG. 10 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a secondsecurity procedure;

FIG. 11 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a thirdsecurity procedure;

FIG. 12 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a fourthsecurity procedure; and

FIG. 13 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of anauthentication and key agreement procedure.

DESCRIPTION OF EMBODIMENTS

Overview

FIG. 1 schematically illustrates a mobile (cellular) telecommunicationsystem 1 in which a user of any of a plurality of mobile communicationdevices 3-1, 3-2, 3-3 can communicate with other users via one or moreof a plurality of base stations 5-1, 5-2 and 5-3 and a core network 110.In the system illustrated in FIG. 1, each base station 5 shown is anEvolved Universal Terrestrial Radio Access Network (E-UTRAN) basestation (or ‘eNB’) capable of operating in a multi-carrier environment.

The core network 110 comprises a plurality of functional/logicalentities including a Mobility Management Entity (MME) 112, a HomeSubscriber Server (HSS) 114, and an Authentication Centre (AuC) 116.

The MME 112 is a key control-node for the LTE access-network. It isresponsible for, among other things, authenticating the user (byinteracting with the HSS 114). Non Access Stratum (NAS) signallingterminates at the MME 112. The MME 112 is also the termination point inthe network for ciphering/integrity protection for NAS signalling andhandles the security key management.

The HSS 114 comprises a central database that contains user-related andsubscription-related information. The functions of the HSS 114 includefunctionalities such as mobility management, call and sessionestablishment support, user authentication and access authorization. TheHSS 114, in this exemplary embodiment, includes the functionality of theAuC 116 (although this could be provided separately). The AuC 116function provides authentication of each mobile communication device 3(or more specifically the associated subscriber identity module (SIM)card) that attempts to connect to the core network 110 (e.g. when themobile communication device 3 is powered on). Once the authentication issuccessful, the HSS 114 manages the SIM and services as described above.As described in more detail below, an encryption key is also generatedby the AuC 116 function that is subsequently used to encrypt allwireless communications (voice, SMS, etc.) between the mobilecommunication devices 3 and the core network 110.

In FIG. 1, the base station labelled 5-1 comprises a so called ‘macro’base station operating a relatively geographically large ‘macro’ cell10-1 using an associated component carrier having a first frequency(F1). The other base stations 5-2, 5-3 shown in FIG. 1, each comprises aso called ‘pico’ base station operating a respective ‘pico’ cell 10-2,10-3. Each pico cell 10-2, 10-3 is operated on a respective componentcarrier having a corresponding frequency band (F2). The power used toprovide pico cells 10-2, 10-3 is low relative to the power used for themacro cell 10-1 and the pico cells 10-2, 10-3 are therefore smallrelative to the macro cell 10-1.

The macro base station 5-1 provides control signalling 13-1 in a controlplane (‘C-plane’) to mobile communication devices, such as a mobilecommunication device 3-1, that are located in the macro cell 10-1 thatit operates. The macro base station 5-1 also communicates user data 11-1in a user plane (‘U-plane’) to and from mobile communication devices,such as a mobile communication device 3-1, that are located in the macrocell that it operates.

In the case of the pico cells 10-2, 10-3, however, the provision of theU-plane and the C-plane is split between the macro base station 5-1 andthe pico base station 5-2 or 5-3 that operates the pico cell 10-2, 10-3.Specifically, the macro base station 5-1 provides control signalling13-2, 13-3, in the control plane (‘C-plane’), to mobile communicationdevices, such as a mobile communication device 3-2 and 3-3, that arelocated in the pico cells 10-2 and 10-3 that are operated by the picobase stations 5-2, 5-3. Contrastingly, each pico base station 5-2, 5-3communicates user data 11-2, 11-3, in the U-plane, with a respectivemobile communication device 3-2, 3-3, in the pico cell 10-2, 10-3, whichthat pico base station 5-2, 5-3 operates.

The C-plane signalling includes, amongst other control signalling,signalling related to U-plane communication such, for example,signalling controlling resources used for user plane communication,signalling for controlling establishment and release of the user planecommunication bearers, and signalling for controlling mobility (e.g.handover) of user plane communication between cells.

In more detail, the C-plane signalling comprises control signalling,including radio resource control (RRC) signalling, for broadcast ofSystem Information; paging; establishment, maintenance and release of anRRC connection between the mobile communication device 3 and thenetwork; security functions including key management; establishment,configuration, maintenance and release of point to point radio bearers;mobility functions (hand over and cell reselection); quality of service(QoS) management functions; measurement reporting and control of thereporting; and resource allocation for the U-plane communication.

Security information required for enciphering/deciphering(encrypting/decrypting) C-plane data (and for integrity protection inthe C-plane) for each pico cell 10-2, 10-3 is provided to the macro basestation 5-1. The macro base station 5-1 uses the security information toderive appropriate security keys for enciphering/deciphering(encrypting/decrypting) the control signalling for each mobilecommunication device 3-2, 3-3 that is located in either of the picocells 10-2, 10-3.

Security information required for enciphering/deciphering(encrypting/decrypting) the respective U-plane data (and for anyintegrity protection in the U-plane) for each pico cell 10-2, 10-3 isprovided to the pico base station 5-2, 5-3 that operates that pico cell10-2, 10-3. Each pico base station 5-2, 5-3 determines appropriatesecurity keys for enciphering/deciphering (encrypting/decrypting) theuser data for each mobile communication device 3-2, 3-3 that is locatedin the pico cell 10-2, 10-3 operated by that base station 5-2, 5-3.

Security information required for enciphering/deciphering(encrypting/decrypting) C-plane data and U-plane data (and any integrityprotection) is also provided to each mobile communication device 3. Eachmobile communication device 3 determines, from the security information,appropriate security keys for enciphering/deciphering(encrypting/decrypting) the user data and control data for that device.

Each mobile communication device 3-2, 3-3 communicating via a pico cell10-2, 10-3 is also provided with an indication that the C-plane andU-plane are split between the macro and pico base stations. Thisbeneficially helps to ensure that the mobile communication device 3-2,3-3 can keep track of which base station 5 is responsible for theC-plane and which base station 5 is responsible for U-plane.Accordingly, the mobile communication device 3-2, 3-3 is able to derivethe keys for enciphering/deciphering (encrypting/decrypting) therespective U-plane data (and for any integrity protection in theU-plane) correctly even though the base station handling U-planecommunication is different to the base station providing C-planecommunication.

Security Key Hierarchy and Key Derivation

FIGS. 2 to 4 illustrate a Security Key Hierarchy and Key Derivation inthe mobile telecommunication system of FIG. 1.

Specifically, FIG. 2 illustrates a encryption/integrity key hierarchyused in the mobile telecommunication system of FIG. 1. FIG. 3illustrates a key derivation scheme used by a base station in thetelecommunication system of FIG. 1 and FIG. 4 illustrates a keyderivation scheme used by a mobile communication device in thetelecommunication system of FIG. 1.

FIGS. 2 to 4 are based on a similar figure from 3GPP Technical Standard(TS) 33.401 v 12.6.0 which, as a skilled person would understand,includes further detail of the security mechanisms that are employed inthe mobile telecommunication system of FIG. 1.

Referring to FIGS. 2 to 4, the mobile telecommunication system 1 uses anumber of security key parameters which, for the purposes ofillustration, can be considered to be arranged in a hierarchy in whichkeys at a lower level in the hierarchy may be derived from keys higherup the hierarchy (possibly in combination with other parameters) usingan appropriate key derivation function (KDF). In this exemplaryembodiment, the KDF which is used to derive the security keys is the KDFdescribed in 3GPP TS 33.220 v 11.4.0 (Annex B) with inputs as describedin 3GPP TS 33.401 v 12.6.0 (Annex A).

As seen in FIGS. 2 to 4, the security information used in the mobiletelecommunication system 1 includes the following security keyparameters:

General Key Parameters:

-   -   K is a permanent key stored on a USIM or on a UTCC in a mobile        communication device 3 and in the AuC 116.    -   CK and IK (‘cipher key’ and ‘integrity key’ respectively) is a        pair of keys derived in the AuC 116, and on the USIM/UICC,        during an AKA procedure. CK, IK are handled differently        depending on whether they are used in an Evolved Packet System        security context or a legacy security context, as described in        subclause 6.1.2 of 3GPP TS 33.401.    -   K_(ASME) is an intermediate key that is derived in the HSS 114,        and in the mobile communication device 3, from CK and IK (and        the serving network identity (SN id)).    -   K_(eNB) is a key derived by mobile communication device 3 and        MME 112 from K_(ASME) (or possibly by mobile communication        device 3 and target eNB during handover).

Keys for NAS Traffic:

-   -   K_(NASint) is a key used for the protection of NAS traffic with        a particular integrity algorithm. This key is derived by mobile        communication device 3 and MME 112 from K_(ASME), as well as an        identifier for the integrity algorithm using a KDF with inputs        as specified in clause A.7 of 3GPP TS 33.401.    -   K_(NASenc) is a key used for the protection of NAS traffic with        a particular encryption algorithm. This key is derived by mobile        communication device 3 and MME 112 from K_(ASME) and an        identifier of the encryption algorithm, using a KDF with inputs        as specified in clause A.7 of 3GPP TS 33.401.

Keys for User Plane traffic:

-   -   K_(UPenc) is a key used for the protection of U-Plane traffic        with a particular encryption algorithm. This key is derived by        the mobile communication device 3 and macro base station 5-1        from K_(eNB), as well as an identifier for the encryption        algorithm using a KDF with inputs as specified in clause A.7 of        3GPP TS 33.401. In the case of U-plane/C-plane split between        pico and macro base stations as described above, however,        K_(UPenc) is obtained at the pico base station 5-2, 5-3 (as        described in more detail later) for use in the protection of        U-Plane traffic with a particular encryption algorithm.    -   K_(UPint) is a key used for the protection of U-Plane traffic        between a Relay Node (RN) and Doner eNB (DeNB) with a particular        integrity algorithm. This key is derived by the RN and the DeNB        from K_(eNB), as well as an identifier for the integrity        algorithm using a KDF with inputs as specified in clause A.7 of        3GPP TS 33.401.

Keys for Control Plane (RRC) Traffic:

-   -   K_(RRCint) is a key used for the protection of Radio Resource        Control (RRC) traffic with a particular integrity algorithm.        K_(RRCint) is derived by the mobile communication device 3 and        macro base station 5-1 from K_(eNB), as well as an identifier        for the integrity algorithm using a KDF with inputs as specified        in clause A.7 of 3GPP TS 33.401.    -   K_(RRCenc) is a key used for the protection of RRC traffic with        a particular encryption algorithm. K_(RRCenc) is derived by the        mobile communication device 3 and macro base station 5-1 from        K_(eNB) as well as an identifier for the encryption algorithm        using a KDF with inputs as specified in clause A.7 of 3GPP TS        33.401.

Intermediate Keys:

-   -   NH (‘Next Hop’) is a key derived by the mobile communication        device 3 and MME 112, using a KDF with inputs as specified in        clause A.4 of 3GPP TS 33.401, to provide forward security (e.g.        during handover) as described in clause 7.2.8 of 3GPP TS 33.401.    -   K_(eNB)* is a key derived by mobile communication device 3, and        a source base station, from NH or currently active K_(eNB) for        use in key derivation during handover/context modification using        a KDF with inputs as specified in clause A.5 of 3GPP TS 33.401.        Specifically, on handovers, K_(eNB)* is forwarded to a target        base station from a source base station. The target base station        uses the received K_(eNB)* directly as K_(eNB) to be used with        the mobile communication device 3 being handed over. In one        example method, described in more detail later, this parameter        is, advantageously, reused during C-plane/U-plane split.

A number of other notable parameters are also used in the securityarchitecture of the mobile telecommunication network 1. These include:

-   -   AMF which is a so called Authenticated Management Field in a        database at the AuC 116, and on the SIM card of the mobile        communication device 3. The AMF is pre-shared between the mobile        communication device 3 and the AuC 116 and is used in the        calculation of certain security parameters (e.g. MAC and XMAC        described below).    -   OP which is a so called Operator Variant Algorithm Configuration        Field, in the database at the AuC 116, and on the SIM card of        the mobile communication device 3.    -   SQN which is a sequence number which is incremented each time        the network attempts to authenticate a mobile communication        device 3.    -   RAND which is a random number for use in key generation and        authentication.    -   AK which is a so called anonymity key generated at the AuC 116.    -   XRES which is a so-called ‘expected response’ generated at the        AuC 116.    -   RES is a response parameter, equivalent to XRES, but generated        at the mobile communication device 3 for sending to the MME 112        for comparison with XRES for authentication purposes.    -   MAC is a message authentication code generated at the AuC 116.    -   XMAC is the expected MAC value generated at the mobile        communication device 3 for authenticating a message against a        received MAC.    -   AUTN is a so called authentication token generated at the AuC        116.

When an MME 112 receives an attach request from a mobile communicationdevice 3, the MME 112 sends the authentication data request to theAuC/HSS 116/114. After derivation of RAND, XRES, CK, IK, and AUTN theAuC 116 combines them into a so called authentication vector(AV=RAND∥XRES∥CK∥IK∥AUTN) which is sent to the MME 112. The MME 112 canthen retrieve the individual parameters from the AV for sending to themobile communication device during an authentication and key generationprocess as described in more detail below.

In order to cipher/decipher user plane data a ciphering function is usedthat has, as its inputs: K_(UPenc); information identifying the radiobearer used for the communication (‘BEARER’); a single bit indicator ofthe direction of the communication (‘DIRECTION’); the length of thekeystream required (‘LENGTH’) and a bearer specific, but time anddirection dependent 32-bit value of an incremental counter (‘COUNT’)which corresponds to the 32-bit PDCP COUNT maintained in the PDCP layerfor the mobile communication device 3 and the pico base station 5-2,5-3.

Mobile Communication Device

FIG. 5 is a block diagram illustrating the main components of the mobilecommunication devices 3 shown in FIG. 1. Each mobile communicationdevice 3 comprises a mobile (or ‘cell’) telephone capable of operatingin a multi-carrier environment. The mobile communication device 3comprises a transceiver circuit 510 which is operable to transmitsignals to, and to receive signals from, the base stations 5 via atleast one antenna 512. The mobile communication device 3 comprises auser interface 514 via which a user can interact with the device (e.g. atouchscreen, keypad, microphone, speaker and/or the like).

The mobile communication device includes a subscriber identity module(SIM) 530 in the form of a Universal SIM (USIM) running on a UniversalIntegrated Circuit Card (UICC). The SIM 530 comprises a USIM/UICCsecurity module 532 for obtaining and storing the permanent key ‘K’534-1 which, in operation, is used for generating the other securityparameters used for communication security. The USIM/UICC securitymodule 532 is also operable to derive other security parameters 534-2such as the cipher key (CK) and integrity key (IK) using K and a‘random’ value (e.g. a value of RAND provided by the AuC 116 via the MME112). The SIM 530 has an identity 536 in the form of an internationalmobile subscriber identity (IMSI).

The operation of the transceiver circuit 510 is controlled by acontroller 516 in accordance with software stored in memory 518.

The software includes, among other things, an operating system 520, acommunication control module 522 and a security management module 525.

The communication control module 522 is configured for managingcommunication with the macro and/or base stations 5 on the associatedcomponent carriers. The communication control module 522 is configuredfor managing NAS communication with the MME 112 (indirectly via the basestation). The communication control module 522 includes a U-plane module523 for handling user data and a C-plane module 524 for handling controlsignalling such as radio resource control messages.

The security management module 525 is configured for managingcommunication security including the performance of authenticationprocedures, key and related security parameter generation andutilisation, and authentication and key agreement (AKA) to the extentthat they are performed at the mobile communication device 3. Thesecurity management module 525 is able to handle retrieval/generation ofappropriate parameters 526 for use in authentication/key generationprocedures. These parameters include: UICC/USIM parameters 526-1retrieved from the SIM 530 (e.g. parameters 534-2 such as CK and IKderived by the SIM 530); parameters 526-2 received from other sources(e.g. parameters such as AUTN and RAND received from the MME 112 inNon-Access Stratum (NAS) signalling); and parameters 526-3 that may bederived at the mobile communication device (e.g. K_(ASME), K_(NASint),K_(NASenc), K_(eNB), K_(eNB)*, NH, K_(UPenc), K_(RRCint), K_(RRCenc),etc.). The security management module 525 also includes an AKA module528 for managing AKA procedures to the extent performed by the mobilecommunication device 3.

Macro Base Station

FIG. 6 is a block diagram illustrating the main components of the macrobase station 5-1 shown in FIG. 1. The macro base station 5-1 comprisesan E-UTRAN multi-carrier capable base station comprising a transceivercircuit 610 which is operable to transmit signals to, and to receivesignals from, the mobile communication devices 3 via at least oneantenna 612. The base station 5-1 is also operable to transmit signalsto and to receive signals from: the MME 112 of the core network 110 viaan MME (S1) interface 614; and other base stations 5 via an eNB (X2)interface 616.

The operation of the transceiver circuit 610 is controlled by acontroller 616 in accordance with software stored in memory 618.

The software includes, among other things, an operating system 620, acommunication control module 622 and a security management module 625.

The communication control module 622 is configured for managingcommunication between the macro base station 5-1 and the mobilecommunication devices 3 operating within the geographic area covered bythe macro cell 10-1. The communication control module 622 is alsoconfigured to manage S1-AP signalling between the macro base station 5-1and the MME 112 and X2-AP signalling between macro base station 5-1 andother base stations.

The communication control module 622 includes a U-plane module 623 forhandling user data for the mobile communication device 3-1 communicatingvia the macro cell 10-1. The communication control module 622 alsoincludes a C-plane module 624 for generating control signalling, such asradio resource control (RRC) messages, for transmission to the mobilecommunication device 3-1 communicating via the macro cell 10-1 and forthe mobile communication devices 3-2 and 3-3 that communicate user datavia respective pico cells 10-2, 10-3.

The security management module 625 is configured for managingcommunication security including the performance of authenticationprocedures, key and related security parameter generation andutilisation, and authentication and key agreement (AKA) procedures tothe extent that they are performed at the macro base station 5-1.

The security management module 625 is able to handle receipt/generationof appropriate parameters 626 for use in authentication/key generationprocedures. These parameters 626 include parameters 626-1 received fromother sources (e.g. K_(eNB) or NH received from the MME 112, or K_(eNB)*received from a source base station during handover). The parameters 626also include parameters 626-2 that may be derived at the macro basestation 5-1 during normal operation (e.g. K_(UPenc), K_(RRCint),K_(RRCenc)) or during handover (e.g. K_(eNB)* when operating as a sourcenode or K_(eNB) (=K_(eNB)*) when operating as a target node etc.). Thesecurity management module 625 also includes an AKA module 628 formanaging AKA procedures to the extent performed by the macro basestation 5-1.

Pico Base Station

FIG. 7 is a block diagram illustrating the main components of a picobase station 5-2, 5-3 shown in FIG. 1. The pico base station 5-2, 5-3comprises an E-UTRAN multi-carrier capable base station comprising atransceiver circuit 710 which is operable to transmit signals to, and toreceive signals from, the mobile communication devices 3 via at leastone antenna 712. The pico base station 5-2, 5-3 is also operable totransmit signals to and to receive signals from: the MME 112 of the corenetwork 110 via an MME (S1) interface 714; and other base stations viaan eNB (X2) interface 716.

The operation of the transceiver circuit 710 is controlled by acontroller 716 in accordance with software stored in memory 718.

The software includes, among other things, an operating system 720, acommunication control module 722 and a security management module 725.

The communication control module 722 is configured for managingcommunication between the pico base station 5-2, 5-3 and the mobilecommunication devices 3-2, 3-3 communicating via the pico cell 10-2,10-3. The communication control module 722 is also configured formanaging S1-AP signalling between the pico base station 5-2, 5-3 and theMME 112 and X2-AP signalling between pico base station 5-2, 5-3 andother base stations.

The communication control module 722 includes a U-plane module 723 forhandling user data for a mobile communication device 3-2, 3-3communicating via the pico cell 10-2, 10-3.

The security management module 725 is configured for managingcommunication security including the performance of authenticationprocedures, key and related security parameter generation andutilisation, and authentication and key agreement (AKA) procedures tothe extent that they are performed at the pico base station 5-2, 5-3.

The security management module 725 is able to handle receipt/generationof appropriate parameters 726 for use in authentication/key generationprocedures. These parameters 726 include parameters 726-1 received fromother sources (e.g. K_(eNB) in this embodiment). The parameters 726 alsoinclude parameters 726-2 that may be derived at the pico base station5-2, 5-3 (e.g. K_(UPenc)). The security management module 725 alsoincludes an AKA module 728 for managing AKA procedures to the extentperformed by the pico base station 5-2, 5-3.

MME

FIG. 8 is a block diagram illustrating the main components of themobility management entity (MME) 112 shown in FIG. 1. The MME 112comprises a transceiver circuit 810 which is operable to transmitsignals to, and to receive signals from other network devices (such asthe HSS) via an associated network entity interface 812. The transceivercircuit 810 is also operable to transmit signals to, and to receivesignals from, a base station 5 via an eNB (S1) interface 816 includingS1-AP signalling for the base station 5, and NAS signalling, which istransparent to the base station, for the mobile communication device 3.

The operation of the transceiver circuit 810 is controlled by acontroller 816 in accordance with software stored in memory 818.

The software includes, among other things, an operating system 820, acommunication control module 822 and a security management module 825.

The communication control module 822 is configured for managing NASsignalling between the MME 112 and the mobile communication devices 3and S1-AP signalling between the MME 112 and the base station 5.

The security management module 825 is configured for managingcommunication security including the performance of authenticationprocedures, key and related security parameter generation andutilisation, and authentication and key agreement (AKA) procedures tothe extent that they are performed at the MME 112.

The security management module 825 is able to handle receipt/generationof appropriate parameters 826 for use in authentication/key generationprocedures. These parameters 826 include parameters 826-1 received fromother sources (e.g. CK, IK, AUTN, K_(ASME), RAND, XRES retrieved from anAV received from the HSS/AuC 114/116 etc.). The parameters 826 alsoinclude parameters 826-2 that may be derived at the MME 112 (e.g.K_(NASint), K_(NASenc), K_(eNB), NH etc.). The security managementmodule 825 also includes an AKA module 828 for managing AKA proceduresto the extent performed by the MME 112.

Operation Overview—Security Parameter Provision

FIGS. 9 to 13 show simplified timing diagrams each illustratingoperation of the telecommunication system of FIG. 1 in the performanceof a respective variation of a security procedure. As those skilled inthe art will appreciate, the timing diagrams only show signalling thatis particularly relevant to the security. Other signalling willgenerally occur but has, for reasons of clarity, been omitted from thesimplified timing diagrams.

As seen in FIGS. 9 to 13, each security procedure illustrated uses adifferent respective mechanism for ensuring that appropriate securityparameters (in particular appropriate values of K_(UPenc)) areconsistently used for U-plane protection both at the mobilecommunication device 3 and at the base station.

Whilst the different security procedures illustrated in FIGS. 9 to 13are shown separately, it will be appreciated that key features of thesecurity procedures may be combined, where appropriate, or provided asalternative implementation options in a deployed system.

MME based K_(eNB) Provision

FIG. 9 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a firstsecurity procedure in which appropriate security parameters, and inparticular appropriate values of K_(UPenc), are generated at the picobase station 5-2, 5-3 in response to signalling from the MME 112.

At the start of the security procedure illustrated, a mobilecommunication device 3 wishing to initiate communication in the picocell 5-1, 5-2 sends a non access stratum (NAS) message requestingattachment (e.g. an ‘NAS ATTACH REQUEST’ message) to the MME 112(transparently via the macro base stations 5-1) at S910 includinginformation identifying the SIM card 530 of the mobile communicationdevice 3 (e.g. the ‘international mobile subscriber identity (IMSI)’).

The MME 112 responds to this request, at S912, by sending a messagerequesting authentication and including information identifying the SIMcard 530 to the HSS 114 (e.g. and ‘AUTHENTICATION DATA REQUEST’message). The AuC function 116 of the HSS 114 derives RAND, XRES, CK,IK, AUTN and combines them to form an authentication vector for the SIMcard 530 (AV=RAND∥XRES∥CK∥IK∥AUTN) at S914 and sends the generated AV tothe MME 112 at S916 (e.g. in a ‘AUTHENTICATION DATA RESPONSE’ message).

The MME 112 retrieves IK, CK, XRES, RAND and AUTN from the AV at S918and sends the AUTN and RAND parameters to the mobile communicationdevice 3 using NAS signalling at S920 (e.g. in an ‘NAS AUTHENTICATIONREQUEST’ message).

The mobile communication device 3 responds, at S922, by authenticatingthe network using the received AUTN, and by deriving appropriatesecurity related parameters (IK, CK, RES etc.) using the storedpermanent security key ‘K’ and the received AUTN and RAND parameters(and any other parameters where necessary—e.g. AMF for the determinationof XMAC). Assuming the authentication is successful, the mobilecommunication device 3 sends the calculated value of RES to the MME 112at S924 (e.g. in an ‘NAS AUTHENTICATION RESPONSE’ message).

The MME 112 checks the received RES value against XRES at S926, resetsthe downlink NAS count, and derives values of K_(ASME), K_(eNB),K_(NASint) and K_(NASenc). The MME 112 then initiates NAS signallingsecurity between the MME 112 and the mobile communication device 3, atS928, by sending an NAS SECURITY MODE COMMAND message informing themobile communication device 3 of the respective algorithms to use forintegrity protection and (de)ciphering.

The mobile communication device 3 responds, at S930, by deriving valuesof K_(ASME), K_(eNB), K_(NASint) and K_(NASenc) and then, at S932, bysending a response message informing the MME 112 that NAS signallingsecurity initialisation is complete.

The method then proceeds by initiating security context setup at boththe pico base station 5-2, 5-3, and at the macro base station 5-1, bysending substantially duplicate S1 application (S1-AP) messages (e.g.‘S1-AP INITIAL CONTEXT SETUP REQUEST’ messages) to the pico base station5-2, 5-3 at S934, and to the macro base station 5-1 at S936. The S1-APmessages each include the derived value of K_(eNB) and details of thesecurity capabilities for the mobile communication device 3.

The pico base station 5-2, 5-3 then derives, at S938, the securityparameter(s) required for U-plane enciphering/deciphering (e.g.K_(UPenc)) from the received K_(eNB). Similarly, the macro base station5-1 derives, at S940, the security parameter(s) required for C-planeenciphering/deciphering (e.g. K_(RRCint) and K_(RRCenc)) from thereceived K_(eNB).

At S942, assuming security context setup at the pico base station 5-2,5-3 is successful, the pico base station 5-2, 5-3 confirms this to theMME 112 in an appropriate S1-AP message (e.g. an ‘S1-AP INITIAL CONTEXTSETUP RESPONSE’ message).

The macro base station 5-1 then initiates, at S944, an RRC (and userplane) security context setup at the mobile communication device 3 usingRRC signalling (e.g. an ‘RRC SECURITY MODE COMMAND’ message) whichincludes information identifying the algorithms used for integrityprotection and/or ciphering and an information indicating that theU-plane and C-plane are split (e.g. in the form of a dedicatedinformation element (IE), a modified IE, or re-use of an existing IE).

The mobile communication device 3 responds, at S946, by initialising theRRC security context for communication with the macro base station 5-1by deriving the values of K_(RRCint), K_(RRCenc) from the previouslycalculated value of K_(eNB) for use with control signalling from themacro base station 5-1. The mobile communication device 3 alsoinitialises the U-plane security context for communication with the picobase station 5-2, 5-3 by deriving the value of K_(UPenc) from K_(eNB)for use with user plane signalling to/from the pico base station 5-2,5-3.

Assuming the security context setup is successful the mobilecommunication device 3 confirms this, at S932, by sending an appropriateresponse message to the macro base station 5-1 (e.g. an ‘RRC SECURITYMODE COMPLETE’ message) at S950.

The macro base station 5-1 confirms, at S952, successful securitycontext setup to the MME 112 in an appropriate S1-AP message (e.g. an‘S1-AP INITIAL CONTEXT SETUP REQUEST’ message).

Once the various security contexts (NAS and AS) have been initialisedsuccessfully on the various devices, the control and user signallingconnections can be setup at S954 and the mobile communication device 3can commence communication in which control plane signalling (S956) isprovided by the macro base station 5-1 and U-plane signalling isprovided via the pico base station 5-2, 5-3 (S958).

Advantageously, therefore, this method provides an efficient way ofproviding appropriate communication security where different basestations are responsible for U-plane signalling and C-plane signallingrespectively. The user device is able to maintain an appropriatesecurity context for both the U-Plane and the C-plane thereby allowingit to encipher/decipher user data and control data correctly and to keeptrack of the security parameters (keys) used in the different basestations.

This approach has the benefit over the other methods described hereinthat it avoids the need for the modification of base station to basestation signalling (over the X2 or possibly a new interface) and theassociated increase X2-AP the complexity. However, other methodsdescribed herein have the benefit that S1 signalling duplication isavoided and hence S signalling overhead is reduced.

Base station based K_(eNB) Provision

FIG. 10 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a secondsecurity procedure in which appropriate security parameters, and inparticular appropriate values of K_(UPenc), are generated at the picobase station 5-2, 5-3 in response to signalling from the macro basestation 5-1.

At the start of the security procedure illustrated in FIG. 10, a mobilecommunication device 3 wishing to initiate communication in the picocell 5-1, 5-2 sends a non access stratum (NAS) message requestingattachment (e.g. an ‘NAS ATTACH REQUEST’ message) to the MME 112(transparently via the macro base stations 5-1) at S1010 includinginformation identifying the SIM card 530 of the mobile communicationdevice 3 (e.g. the ‘international mobile subscriber identity (IMSI)’).

The MME 112 responds to this request, at S1012, by sending a messagerequesting authentication and including information identifying the SIMcard 530 to the HSS 114 (e.g. and ‘AUTHENTICATION DATA REQUEST’message). The AuC function 116 of the HSS 114 derives RAND, XRES, CK,IK, AUTN and combines them to form an authentication vector for the SIMcard 530 (AV=RAND∥XRES∥CK∥IK∥AUTN) at S1014 and sends the generated AVto the MME 112 at S1016 (e.g. in a ‘AUTHENTICATION DATA RESPONSE’message).

The MME 112 retrieves IK, CK, XRES, RAND and AUTN from the AV at S1018and sends the AUTN and RAND parameters to the mobile communicationdevice 3 using NAS signalling at S1020 (e.g. in an ‘NAS AUTHENTICATIONREQUEST’ message).

The mobile communication device 3 responds, at S1022, by authenticatingthe network using the received AUTN, and by deriving appropriatesecurity related parameters (IK, CK, RES etc.) using the storedpermanent security key ‘K’ and the received AUTN and RAND parameters(and any other parameters where necessary—e.g. AMF for the determinationof XMAC). Assuming the authentication is successful, the mobilecommunication device 3 sends the calculated value of RES to the MME 112at S1024 (e.g. in an ‘NAS AUTHENTICATION RESPONSE’ message).

The MME 112 checks the received RES value against XRES at S1026, resetsthe downlink NAS count, and derives values of K_(ASME), K_(eNB),K_(NASint) and K_(NASenc). The MME 112 then initiates NAS signallingsecurity between the MME 112 and the mobile communication device 3, atS1028, by sending an NAS SECURITY MODE COMMAND message informing themobile communication device 3 of the respective algorithms to use forintegrity protection and (de)ciphering.

The mobile communication device 3 responds, at S1030, by deriving valuesof K_(ASME), K_(eNB), K_(NASint) and K_(NASenc) and then, at S1032, bysending a response message informing the MME 112 that NAS signallingsecurity initialisation is complete.

The method then proceeds by initiating security context setup at themacro base station 5-1, by sending an S1 application (S1-AP) message(e.g. an ‘S1-AP INITIAL CONTEXT SETUP REQUEST’ message) to the macrobase station 5-1 at S1034. The S1-AP message includes the derived valueof K_(eNB) and details of the security capabilities for the mobilecommunication device 3.

The macro base station 5-1 initiates security context setup at the picobase station 5-2, 5-3, by sending an X2 application (X2-AP) message(e.g. a new ‘X2-AP CONTEXT SETUP’ message) to the pico base station 5-2,5-3 at S1036. The X2-AP message includes the derived value of K_(eNB)and details of the security capabilities for the mobile communicationdevice 3.

The pico base station 5-2, 5-3 then derives, at S1038, the securityparameter(s) required for U-plane enciphering/deciphering (e.g.K_(UPenc)) from the received K_(eNB) received from the macro basestation 5-1. Similarly, the macro base station 5-1 derives, at S1040,the security parameter(s) required for C-plane enciphering/deciphering(e.g. K_(RRCint) and K_(RRCenc)) from the K_(eNB) received from the MME112.

At S1042, assuming security context setup at the pico base station 5-2,5-3 is successful, the pico base station 5-2, 5-3 confirms this to themacro base station 5-1 in an appropriate X2-AP message (e.g. an ‘X2-APCONTEXT SETUP RESPONSE’ message).

The macro base station 5-1 then initiates, at S1044, an RRC (and userplane) security context setup at the mobile communication device 3 usingRRC signalling (e.g. an ‘RRC SECURITY MODE COMMAND’ message) whichincludes information identifying the algorithms used for integrityprotection and/or ciphering and an information indicating that theU-plane and C-plane are split (e.g. in the form of a dedicatedinformation element (IE), a modified IE, or re-use of an existing IE).

The mobile communication device 3 responds, at S1046, by initialisingthe RRC security context for communication with the macro base station5-1 by deriving the values of K_(RRCint), K_(RRCenc) from the previouslycalculated value of K₅a for use with control signalling from the macrobase station 5-1. The mobile communication device 3 also initialises theU-plane security context for communication with the pico base station5-2, 5-3 by deriving the value of K_(UPenc) from K_(eNB) for use withuser plane signalling to/from the pico base station 5-2, 5-3.

Assuming the security context setup is successful the mobilecommunication device 3 confirms this, at S1032, by sending anappropriate response message to the macro base station 5-1 (e.g. an ‘RRCSECURITY MODE COMPLETE’ message) at S1050.

The macro base station 5-1 confirms, at S1052, successful securitycontext setup to the MME 112 in an appropriate S1-AP message (e.g. an‘S1-AP INITIAL CONTEXT SETUP REQUEST’ message).

Once the various security contexts (NAS and AS) have been initialisedsuccessfully on the various devices, the control and user signallingconnections can be setup at S1054 and the mobile communication devicecan commence communication in which control plane signalling (S1056) isprovided by the macro base station 5-1 and U-plane signalling isprovided via the pico base station 5-2, 5-3 (S1058).

Advantageously, therefore, this method provides another efficient way ofproviding appropriate communication security where different basestations are responsible for U-plane signalling and C-plane signallingrespectively. The user device is able to maintain an appropriatesecurity context for both the U-Plane and the C-plane thereby allowingit to encipher/decipher user data and control data correctly and to keeptrack of the security parameters (keys) used in the different basestations.

Informing the mobile communication device of the C-plane/U-plane splitin this way provides an efficient way of ensuring that the mobilecommunication device has the information required to establish thatderivation of the user plane security parameter (K_(UPenc)) is requiredfor communication with the pico cell.

This approach has the benefit over the first method described hereinthat it avoids S signalling duplication and hence reduces S1 signallingoverhead. The first method has the benefit, however, that it avoids theneed for the modification of base station to base station signalling(over the X2 or possibly a new interface) and the associated increaseX2-AP the complexity.

Base Station Based K_(UPenc) Provision

FIG. 11 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a thirdsecurity procedure in which appropriate security parameters, and inparticular appropriate values of K_(UPenc), are generated at the macrobase station 5-1 in response to signalling from the MME 112, and areforwarded to the pico base station 5-2, 5-3 over the X2 interface.

At the start of the security procedure illustrated in FIG. 11, a mobilecommunication device 3 wishing to initiate communication in the picocell 5-1, 5-2 sends a non access stratum (NAS) message requestingattachment (e.g. an ‘NAS ATTACH REQUEST’ message) to the MME 112(transparently via the macro base stations 5-1) at S1110 includinginformation identifying the SIM card 530 of the mobile communicationdevice 3 (e.g. the ‘international mobile subscriber identity (IMSI)’).

The MME 112 responds to this request, at S1112, by sending a messagerequesting authentication and including information identifying the SIMcard 530 to the HSS 114 (e.g. and ‘AUTHENTICATION DATA REQUEST’message). The AuC function 116 of the HSS 114 derives RAND, XRES, CK,IK, AUTN and combines them to form an authentication vector for the SIMcard 530 (AV=RAND∥XRES∥CK∥IK∥AUTN) at S1114 and sends the generated AVto the MME 112 at S1116 (e.g. in a ‘AUTHENTICATION DATA RESPONSE’message).

The MME 112 retrieves IK, CK, XRES, RAND and AUTN from the AV at S1118and sends the AUTN and RAND parameters to the mobile communicationdevice 3 using NAS signalling at S1120 (e.g. in an ‘NAS AUTHENTICATIONREQUEST’ message).

The mobile communication device 3 responds, at S1122, by authenticatingthe network using the received AUTN, and by deriving appropriatesecurity related parameters (IK, CK, RES etc.) using the storedpermanent security key ‘K’ and the received AUTN and RAND parameters(and any other parameters where necessary—e.g. AMF for the determinationof XMAC). Assuming the authentication is successful, the mobilecommunication device 3 sends the calculated value of RES to the MME 112at S1124 (e.g. in an ‘NAS AUTHENTICATION RESPONSE’ message).

The MME 112 checks the received RES value against XRES at S1126, resetsthe downlink NAS count, and derives values of K_(ASME), K_(eNB),K_(NASint) and K_(NASenc). The MME 112 then initiates NAS signallingsecurity between the MME 112 and the mobile communication device 3, atS1128, by sending an NAS SECURITY MODE COMMAND message informing themobile communication device 3 of the respective algorithms to use forintegrity protection and (de)ciphering.

The mobile communication device 3 responds, at S1130, by deriving valuesof K_(ASME), K_(eNB), K_(NASint) and K_(NASenc) and then, at S1132, bysending a response message informing the MME 112 that NAS signallingsecurity initialisation is complete.

The method then proceeds by initiating security context setup at themacro base station 5-1, by sending an S1 application (S1-AP) message(e.g. an ‘S1-AP INITIAL CONTEXT SETUP REQUEST’ message) to the macrobase station 5-1 at S1134. The S1-AP message includes the derived valueof K_(eNB) and details of the security capabilities for the mobilecommunication device 3.

The macro base station 5-1 derives, at S1140, the security parameter(s)required for C-plane protection (e.g. K_(RRCint) and K_(RRCenc)) and forU-plane protection (e.g. K_(UPenc)) from the K_(eNB) received from theMME 112.

The macro base station 5-1 initiates security context setup at the picobase station 5-2, 5-3, by sending an X2 application (X2-AP) message(e.g. a new ‘X2-AP CONTEXT SETUP’ message) to the pico base station 5-2,5-3 at S1136. The X2-AP message includes the derived value of K_(UPenc)and details of the security capabilities for the mobile communicationdevice 3.

The pico base station 5-2, 5-3, on receipt of K_(UPenc) from the macrobase station 5-1, and assuming security context setup at the pico basestation 5-2, 5-3 is successful, confirms this to the macro base station5-1 in an appropriate X2-AP message (e.g. an ‘X2-AP CONTEXT SETUPRESPONSE’ message) at S1142.

The macro base station 5-1 then initiates, at S1144, an RRC (and userplane) security context setup at the mobile communication device 3 usingRRC signalling (e.g. an ‘RRC SECURITY MODE COMMAND’ message) whichincludes information identifying the algorithms used for integrityprotection and/or ciphering and an information indicating that theU-plane and C-plane are split (e.g. in the form of a dedicatedinformation element (IE), a modified IE, or re-use of an existing IE).

The mobile communication device 3 responds, at S1146, by initialisingthe RRC security context for communication with the macro base station5-1 by deriving the values of K_(RRCint), K_(RRCenc) from the previouslycalculated value of K_(eNB) for use with control signalling from themacro base station 5-1. The mobile communication device 3 alsoinitialises the U-plane security context for communication with the picobase station 5-2, 5-3 by deriving the value of K_(UPenc) from K_(eNB)for use with user plane signalling to/from the pico base station 5-2,5-3.

Assuming the security context setup is successful the mobilecommunication device 3 confirms this, at S1132, by sending anappropriate response message to the macro base station 5-1 (e.g. an ‘RRCSECURITY MODE COMPLETE’ message) at S1150.

The macro base station 5-1 confirms, at S1152, successful securitycontext setup to the MME 112 in an appropriate S1-AP message (e.g. an‘S1-AP INITIAL CONTEXT SETUP REQUEST’ message).

Once the various security contexts (NAS and AS) have been initialisedsuccessfully on the various devices, the control and user signallingconnections can be setup at S1154 and the mobile communication devicecan commence communication in which control plane signalling (S1156) isprovided by the macro base station 5-1 and U-plane signalling isprovided via the pico base station 5-2, 5-3 (S1158).

Advantageously, therefore, this method provides another efficient way ofproviding appropriate communication security where different basestations are responsible for U-plane signalling and C-plane signallingrespectively. The user device is able to maintain an appropriatesecurity context for both the U-Plane and the C-plane thereby allowingit to encipher/decipher user data and control data correctly and to keeptrack of the security parameters (keys) used in the different basestations.

Informing the mobile communication device of the C-plane/U-plane splitin this way provides an efficient way of ensuring that the mobilecommunication device has the information required to establish thatderivation of the user plane security parameter (K_(UPenc)) is requiredfor communication with the pico cell.

This approach has the benefit over the other methods described hereinthat the pico base station does not have to derive K_(UPenc) itselfthereby simplifying it further which is in keeping with the generaldesire to keep its complexity to a minimum. However, other methodsdescribed herein have the security benefit, over this method, that thevalue of K_(UPenc) (which is also used by the mobile telephone 3) is nottransmitted and therefore cannot be as easily compromised (e.g. by‘eavesdropping’), which can lead to user data security beingcompromised. If K_(eNB), which is transferred in other methods, iscompromised it is not a trivial matter to derive K_(UPenc) from itbecause of the need to know other security keys to do so.

Base Station Based K_(eNB)* Provision

It will be appreciated that, currently, the transfer of K_(eNB) andK_(UPenc) between base stations is not supported in any circumstances.FIG. 12 shows a simplified timing diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a fourthsecurity procedure in which, rather than transfer a parameter for whichbetween base stations transfer is not currently supported, a securityparameter (K_(eNB)*) is transferred for which transfer between basestations is currently supported, albeit in limited circumstances.Specifically, currently the transfer of K_(eNB)* between base stationsis supported during handover. Accordingly, this fourth securityprocedure extends the circumstances in which K_(eNB)* is supported tosecurity context setup in the case of a U-plane/C-plane split.

Specifically, K_(eNB)* is generated at the macro base station 5-1 (as itwould be during a handover) in response to signalling from the MME 112,and is forwarded to the pico base station 5-2, 5-3 over the X2interface.

At the start of the security procedure illustrated in FIG. 12, a mobilecommunication device 3 wishing to initiate communication in the picocell 5-1, 5-2 sends a non access stratum (NAS) message requestingattachment (e.g. an ‘NAS ATTACH REQUEST’ message) to the MME 112(transparently via the macro base stations 5-1) at S1210 includinginformation identifying the SIM card 530 of the mobile communicationdevice 3 (e.g. the ‘international mobile subscriber identity (IMSI)’).

The MME 112 responds to this request, at S1212, by sending a messagerequesting authentication and including information identifying the SIMcard 530 to the HSS 114 (e.g. and ‘AUTHENTICATION DATA REQUEST’message). The AuC function 116 of the HSS 114 derives RAND, XRES, CK,IK, AUTN and combines them to form an authentication vector for the SIMcard 530 (AV=RAND∥XRES∥CK∥IK∥AUTN) at S1214 and sends the generated AVto the MME 112 at S1216 (e.g. in a ‘AUTHENTICATION DATA RESPONSE’message).

The MME 112 retrieves IK, CK, XRES, RAND and AUTN from the AV at S1218and sends the AUTN and RAND parameters to the mobile communicationdevice 3 using NAS signalling at S1220 (e.g. in an ‘NAS AUTHENTICATIONREQUEST’ message).

The mobile communication device 3 responds, at S1222, by authenticatingthe network using the received AUTN, and by deriving appropriatesecurity related parameters (IK, CK, RES etc.) using the storedpermanent security key ‘K’ and the received AUTN and RAND parameters(and any other parameters where necessary—e.g. AMF for the determinationof XMAC). Assuming the authentication is successful, the mobilecommunication device 3 sends the calculated value of RES to the MME 112at S1224 (e.g. in an ‘NAS AUTHENTICATION RESPONSE’ message).

The MME 112 checks the received RES value against XRES at S1226, resetsthe downlink NAS count, and derives values of K_(ASME), K_(eNB),K_(NASint) and K_(NASenc). The MME 112 then initiates NAS signallingsecurity between the MME 112 and the mobile communication device 3, atS1228, by sending an NAS SECURITY MODE COMMAND message informing themobile communication device 3 of the respective algorithms to use forintegrity protection and (de)ciphering.

The mobile communication device 3 responds, at S1230, by deriving valuesof K_(ASME), K_(eNB), K_(NASint) and K_(NASenc) and then, at S1232, bysending a response message informing the MME 112 that NAS signallingsecurity initialisation is complete.

The method then proceeds by initiating security context setup at themacro base station 5-1, by sending an S1 application (S1-AP) message(e.g. an ‘S1-AP INITIAL CONTEXT SETUP REQUEST’ message) to the macrobase station 5-1 at S1234. The S1-AP message includes the derived valueof K_(eNB) and details of the security capabilities for the mobilecommunication device 3.

The macro base station 5-1 initiates security context setup at the picobase station 5-2, 5-3, by sending an X2 application (X2-AP) message(e.g. a new ‘X2-AP CONTEXT SETUP’ message) to the pico base station 5-2,5-3 at S1236. The X2-AP message includes a value of K_(eNB)*, derivedfrom the value of K_(eNB) from the MME 112 (and possibly a value of NH),and details of the security capabilities for the mobile communicationdevice 3. The value of K_(eNB)* is effectively derived in the same wayas for handover although it may be given another name (e.g. K_(eNB)**)to allow it to be distinguished from the handover case.

The pico base station 5-2, 5-3, on receipt of K_(eNB)* from the macrobase station 5-1, derives, at S1238, the security parameter(s) requiredfor U-plane enciphering/deciphering. Specifically, the pico base station5-2, 5-3 derives a value of K_(eNB) (effectively a ‘pico’ K_(eNB)) fromthe received K_(eNB)* and a value of K_(UPenc) from the derived picoK_(eNB). Similarly, the macro base station 5-1 derives, at S1240, thesecurity parameter(s) required for C-plane enciphering/deciphering (e.g.K_(RRCint) and K_(RRCenc)) from the K_(eNB) received from the MME 112.

Assuming that security context setup is successful, the pico basestation 5-2, 5-3 confirms this to the macro base station 5-1 in anappropriate X2-AP message (e.g. an ‘X2-AP CONTEXT SETUP RESPONSE’message) at S1242.

The macro base station 5-1 then initiates, at S1244, an RRC (and userplane) security context setup at the mobile communication device 3 usingRRC signalling (e.g. an ‘RRC SECURITY MODE COMMAND’ message) whichincludes information identifying the algorithms used for integrityprotection and/or ciphering and an information indicating that theU-plane and C-plane are split (e.g. in the form of a dedicatedinformation element (IE), a modified IE, or re-use of an existing IE).

The mobile communication device 3 responds, at S1246, by initialisingthe RRC security context for communication with the macro base station5-1 by deriving the values of K_(RRCint), K_(RRCenc) from the previouslycalculated value of (‘macro’) K_(eNB) for use with control signallingfrom the macro base station 5-1. The mobile communication device 3 alsoinitialises the U-plane security context for communication with the picobase station 5-2, 5-3 by deriving the value of K_(eNB)* and hence the‘pico’ K_(eNB) from which the correct K_(UPenc) can be found for usewith user plane signalling to/from the pico base station 5-2, 5-3.

Assuming the security context setup is successful the mobilecommunication device 3 confirms this, at S1232, by sending anappropriate response message to the macro base station 5-1 (e.g. an ‘RRCSECURITY MODE COMPLETE’ message) at S1250.

The macro base station 5-1 confirms, at S1252, successful securitycontext setup to the MME 112 in an appropriate S1-AP message (e.g. an‘S1-AP INITIAL CONTEXT SETUP REQUEST’ message).

Once the various security contexts (NAS and AS) have been initialisedsuccessfully on the various devices, the control and user signallingconnections can be setup at S1254 and the mobile communication devicecan commence communication in which control plane signalling (S1256) isprovided by the macro base station 5-1 and U-plane signalling isprovided via the pico base station 5-2, 5-3 (S1258).

Advantageously, therefore, this method provides another efficient way ofproviding appropriate communication security where different basestations are responsible for U-plane signalling and C-plane signallingrespectively. The user device is able to maintain an appropriatesecurity context for both the U-Plane and the C-plane thereby allowingit to encipher/decipher user data and control data correctly and to keeptrack of the security parameters (keys) used in the different basestations.

Informing the mobile communication device of the C-plane/U-plane splitin this way provides an efficient way of ensuring that the mobilecommunication device has the information required to establish thatderivation of the user plane security parameter (K_(UPenc)) is requiredfor communication with the pico cell.

This approach has the benefit over the other methods described hereinthat it does not require security parameters to be transferred betweenbase stations for which such transfer is not currently supported.However, other methods described herein have the benefit addedcomplexity in order to properly derive K_(eNB)* in non-handoverscenarios.

Separate Authentication and Key Agreement (AKA) Procedures

FIG. 13 shows a simplified diagram illustrating operation of thetelecommunication system of FIG. 1 in the performance of a furthersecurity procedure in which, rather than run a single AKA procedure forthe macro base station 5-1 during which appropriate security parametersare passed to and/or derived at the pico base station 5-2, 5-3 (e.g. asillustrated in each of FIGS. 9 to 11), separate AKA procedures are runfor the macro base station 5-1 and pico base station 5-2, 5-3.

As seen in FIG. 13, the procedure involves, at S1313, AS securityprocedures being run for communications between the macro base station5-1 and the mobile communication device 3. During this procedure themobile communication device 3, the macro base station 5-1 and the MME112, each generates and maintains its own respective security contextS1312-1, S1312-2, S1312-3 for the C-plane signalling between the macrobase station 5-1 and the mobile communication device 3. The generationof each security context includes the derivation of appropriatemacro/C-plane specific security keys (e.g. K_(RRCint), K_(RRCenc) etc.as described previously).

The procedure also involves, at S1314, AS security procedures being runfor communications between the pico base station 5-2, 5-3 and the mobilecommunication device 3. During this procedure the mobile communicationdevice 3, the pico base station 5-2, 5-3 and the MME 112, each generatesand maintains its own respective security context S1316-1, S1316-2,S1316-3 for the U-plane signalling between the pico base station 5-2,5-3 and the mobile communication device 3. The generation of eachsecurity context includes the derivation of appropriate pico/U-planespecific security keys (e.g. K_(UPenc) etc. as described previously).

It will be appreciated that the procedures of S1313 and S1314 may be runsequentially in any appropriate order or in parallel.

It can be seen, therefore, that as a result of the procedure in FIG. 13,the MME 112 and the mobile communication device 3 each maintain twoactive security contexts. In order to support the presence of two activesecurity contexts, handover signalling (for handover from macro+pico toanother macro+pico) in this example is modified to allow the exchange oftwo security contexts. For example, the signalling might be modified toallow two KeNB* (based on each KeNB) to be generated and transferred,different security algorithm (if different algorithms are used) to benotified, and the signalling of other general information relating tothe two different security contexts.

Further, in order to support the dual AKA procedure of FIG. 13, RRC andNAS messages are modified appropriately. For example, the RRC SECURITYMODE COMMAND is modified to include information identifying the securityalgorithm for each AKA procedure and the NAS security messages aremodified to include duplicates of the security parameters wherenecessary.

The mobile communication device 3 maintains two ciphering instances(e.g. in the PDCP layer) each with its own set of security keys—one forcontrol plane ciphering and one for user plane ciphering.

It will be appreciated that, a similar procedure could be applied, ifnecessary, for generating separate NAS contexts for the pico and macrobase stations AKA procedure being un. The procedure would be similar tothat described with reference to FIGS. 9 to 12 but, during thisprocedure, the mobile communication device 3 and the MME 112 would eachgenerate and maintain an NAS security context for the macro base station5-1 and a separate NAS security context for the pico base station 5-2,5-3. The generation and transmission of the NAS security contexts mightinclude the derivation and transmission of duplicate security parameters(one copy for each context) where appropriate.

Key Change on the Fly Procedures

Regardless of which of the above procedures is implemented, in order toavoid potential security issues associated with PDCP COUNT rollover, thepico base station 5-2, 5-3, is operable to inform the macro base station5-1, when PDCP COUNT rollover has occurred, or is about to occur, usinga new X2-AP message including an information element indicating theK_(UPenc) requires changing (e.g. a ‘K_(UPenc) key change’ IE). Inresponse to receiving this message the macro base station 5-1 initiatesan inter-cell hand over which will, ultimately, result in communicationcontinuing in the current pico/macro cell pair but using a differentvalue of K_(UPenc) for user plane ciphering.

Similarly, where other security parameters, such as K_(eNB), are changeddynamically and provided by the MME 112 to the macro base station 5-1(in accordance with current procedures) the macro base station 5-1 isconfigured to forward the new K_(eNB) to the pico base station 5-2, 5-3when the procedure shown in FIG. 10 is implemented. Where the procedureshown in FIG. 11 is implemented the macro base station 5-1 is configuredto forward a new K_(eNB)* to the pico base station 5-2, 5-3. Where theprocedure shown in FIG. 12 is implemented the macro base station 5-1 isconfigured to forward a new K_(UPenc) to the pico base station 5-2, 5-3.Where the procedure shown in FIG. 9 is implemented the MME 112 isconfigured to forward the new K_(eNB) to the pico base station 5-2, 5-3in a duplicate S1 message.

Modifications and Alternatives

A detailed embodiment and has been described above. As those skilled inthe art will appreciate, a number of modifications and alternatives canbe made to the above embodiment and variations whilst still benefitingfrom the inventions embodied therein.

In the above embodiments one macro cell 7 and two pico cells 10 aredescribed; the pico cells are operated using component carriers havingthe same frequency band (F2) and the macro cell is operated using acomponent carrier having a different frequency band (F1) and. It will beappreciated that in a deployed system there may be any number of picocells each of which may operate on a component carrier having adifferent respective frequency band and could potentially operate on acomponent carrier having the same frequency band as the macro cell.

In the above embodiments the macro and pico base stations may have thesame security capabilities. If different security capabilities aresupported, however, the mobile communication device is informed (e.g. inthe ‘RRC SECURITY MODE COMMAND’ or other similar message) of theappropriate capabilities for each base station thereby allowing themobile communication device using the correct algorithms.

In the above embodiments the ciphering key is transferred from the macrobase station or derived by the pico base station based on securityinformation received from either the MME or the macro base station. Itwill be appreciated that the other parameters required for U-planeciphering/deciphering may be derived as follows: COUNT may be maintainedby the pico base station at the PDCP level; BEARER identity may eitherbe transferred from the macro base station or may be selected by thepico base station; and DIRECTION may be set either at the macro or thepico base station. Appropriate synchronisation may be provided betweenthe macro and pico base stations to ensure, for example, that thecorrect bearer identity is known both at the macro and the pico basestation. In the event that both base stations have the information andcapability to decide a particular parameter (e.g. ‘DIRECTION’) only onewill make the decision and this will be informed to the other basestation.

The detailed description provided for the embodiments of FIGS. 9 to 12relate to procedures for initial connection establishment. It will beappreciated that a similar approach may be used when a decision to splitthe U-plane and C-plane is taken at a later stage. For example, wherethe mobile communication device is engaged in a type of user planecommunication that is provided by the macro cell (say voice over IP'VoIP) and then starts a different form of user plane communicationwhich is provided by the pico cell (say a web browsing session) aC-plane/U-plane split may need to be initiated. In this case an S1 UECONTEXT MODIFICATION (with a corresponding response) may be used toprovide the pico base with appropriate security information (analogousto the process of FIG. 9). Similarly, a new X2 message (with acorresponding response) may be provided (e.g. an X2-AP CONTEXTMODIFICATION message) (analogous to the processes of any of FIGS. 10 to12). Moreover, the RRC signalling used to provide the mobilecommunication device with appropriate security information (where thesecurity parameters have changed) and/or an indication that a split hasoccurred may be a message such as an RRC Roconfiguration message (with acorresponding response).

Whilst specific new X2-AP messages (X2-AP CONTEXT SETUP and ‘X2-APCONTEXT SETUP RESPONSE) has been described it will be appreciated thatany suitable X2-AP message may be used including the re-use of anexisting message with the addition of appropriate information elements.

Further although information such as K_(eNB) is described as beingexchanged over an X2 interface between the pico and macro base stations,it will be appreciated that the interface between the base stations maybe a new dedicated interface (e.g. an ‘X3’ interface).

Although the RRC SECURITY MODE COMMAND message has been described asincluding information indicating that the U-plane and C-plane are split(e.g. in the form of a dedicated information element (IE), a modifiedIE, or re-use of an existing IE) an indication of the C-plane/U-planesplit could (alternatively or additionally) be notified to the mobilecommunication device in an NAS message such as a NAS SECURITY MODECOMMAND message.

The information elements included in such a message will typicallyinclude, for example:

-   -   A Security Key IE for messages from the macro base station to        the pico base station (which may be used in the procedures of        FIG. 10 to 13 or for key change on the fly procedures)        -   This may be K_(eNB) or Next hop (NH)        -   In the case of the implementation of FIG. 10, for example,            it may be the macro K_(eNB)        -   In the case of the implementation of FIG. 12 it may be KeNB*        -   In the case of the dual AKAs of FIG. 13 it may be the Pico            KeNB for the new AKA    -   A UE Security Capabilities IE for messages from the macro base        station to the pico base station (to indicate a change in        security capabilities for example)    -   A Kupenc key change IE for messages from the pico base station        to the macro base station (to indicate the need for an intra        cell handover procedure on PDCP COUNT rollover)

Referring to the timing diagrams, it will be appreciated that in manycases the messaging may not need to follow the specific order shown butmay follow any logical order.

Referring to FIG. 9, by way of example, it will be appreciated by thoseskilled in the art that although the S1-AP messages sent to the pico andmacro base stations to initiate AS security context setup (S934, S936),and the resulting U-plane and C-plane key derivation (S938, S940), areshown occurring in a particular order (for the purposes of clearillustration) they may occur in any appropriate order or, whereappropriate, in parallel. Specifically, for example, initiation ofsecurity context initialisation and key derivation at the pico basestation 5-2, 5-3 (S934, S938) may occur wholly before, wholly after, orsubstantially in parallel with the corresponding initiation of securitycontext initialisation and key derivation (S936, S940) at the macro basestation 5-1. Similarly, the associated S1-AP response messages may besent at any appropriate juncture after successful security contextinitialisation.

Further whilst, in FIG. 9, a duplicate of only one S1-AP message (S1-APINITIAL CONTEXT SETUP) is shown as being sent to the pico base stationto provide appropriate security parameters. It will be appreciated thata duplicate of any suitable S1-AP message carrying security parametersmay be provided to the pico base station including, for example, a UECONTEXT MODIFICATION message or the like.

In relation to the dual AKA procedure described with reference to FIG.13, it will be appreciated that there may be a scenario in which thepico base station is not an E-UTRAN base station but instead connects toa non-EUTRAN or even a non-3GPP network. In this case the non-3GPPnetwork may perform its own security procedure for the user plane whilstthe macro base station still performs a 3GPP security procedure therebyresulting in a non-3GPP security context for the user plane and a 3GPPsecurity context for the control plane.

It will be appreciated that although the communication system 1 isdescribed in terms of base stations 5 operating as macro or pico basestations, the same principles may be applied to base stations operatingas femto base stations, relay nodes providing elements of base stationfunctionality, or other such communication nodes.

In the above embodiments, a mobile telephone based telecommunicationssystem was described. As those skilled in the art will appreciate, thesignalling techniques described in the present application can beemployed in other communications system. Other communications nodes ordevices may include user devices such as, for example, personal digitalassistants, laptop computers, web browsers, etc. As those skilled in theart will appreciate, it is not essential that the above described relaysystem be used for mobile communications devices. The system can be usedto extend the coverage of base stations in a network having one or morefixed computing devices as well as or instead of the mobilecommunicating devices.

In the embodiments described above, the base stations 5 and mobilecommunication devices 3 each include transceiver circuitry. Typically,this circuitry will be formed by dedicated hardware circuits. However,in some embodiments, part of the transceiver circuitry may beimplemented as software run by the corresponding controller.

In the above embodiments, a number of software modules were described.As those skilled in the art will appreciate, the software modules may beprovided in compiled or un-compiled form and may be supplied to the basestation or the relay station as a signal over a computer network, or ona recording medium. Further, the functionality performed by part or allof this software may be performed using one or more dedicated hardwarecircuits.

Various other modifications will be apparent to those skilled in the artand will not be described in further detail here.

This application is based upon and claims the benefit of priority fromUnited Kingdom Patent Application No. 1300884.2, filed on Jan. 17, 2013,the disclosure of which is incorporated herein in its entirety byreference.

The invention claimed is:
 1. A user equipment for a communicationnetwork having a master communication apparatus providing a mastercommunication cell and a secondary communication apparatus providing asecondary communication cell, the user equipment comprising: at leastone processor; and at least one memory operatively coupled with the atleast one processor, wherein the at least one processor is configuredto: receive control plane signalling from the master communicationapparatus; derive a security key of the master communication apparatus;derive, using the derived security key of the master communicationapparatus, at least one control plane security key for control planecommunication between the user equipment and the master communicationapparatus; derive, using the derived security key of the mastercommunication apparatus, a security key of the secondary communicationapparatus during dual connectivity; derive, using the security key ofthe secondary communication apparatus, a user plane security key; anduse the derived user plane security key for user plane communicationbetween the user equipment and the secondary communication apparatus. 2.The user equipment according to claim 1, wherein the security key of thesecondary communication apparatus is derived based on the control planesignalling from the master communication apparatus.
 3. A methodperformed by user equipment in a communication network having a mastercommunication apparatus providing a master communication cell and asecondary communication apparatus providing a secondary communicationcell, the method comprising: receiving control plane signalling from themaster communication apparatus; deriving a security key of the mastercommunication apparatus; deriving, using the derived security key of themaster communication apparatus, at least one control plane security keyfor control plane communication between the user equipment and themaster communication apparatus; deriving, using the derived security keyof the master communication apparatus, a security key of the secondarycommunication apparatus during dual connectivity; deriving, using thesecurity key of the secondary communication apparatus, a user planesecurity key; and using the derived user plane security key for userplane communication between the user equipment and the secondarycommunication apparatus.
 4. The method according to claim 3, wherein thesecurity key of the secondary communication apparatus is derived basedon the control plane signalling from the master communication apparatus.